Object Storage (OBS) update: worm storage now available

Flexible Engine
Release Notes

November, 2023 

What’s new?

Object Storage (OBS) now integrates Write Once Read Many WORM functionality, ensuring that your critical data remains secure and unalterable according to your defined retention policies.

Object Storage (OBS)  

What is it?

OBS is designed to provide efficient and scalable storage capabilities for various needs. It allows users to create, modify, and delete storage buckets, and perform basic operations like uploading, downloading, and deleting objects. With the update, WORM enhances data security by preventing unauthorized deletions or tampering within a specified timeframe. WORM works at both the bucket and object levels in compliance mode. It is now integrated at unchanged price in Object Storage 3AZ service.  

Scenarios

  • In compliance mode, the Write Once Read Many (WORM) protection ensures that an object version remains immutable and cannot be overwritten or deleted by any user, including the root user within your account. Whether applied at the bucket or object version level, enabling WORM mandates the protection of all objects within the specified scope.
  • For bucket-level WORM protection, it is crucial to note that the protection applies to all objects in the bucket. On the other hand, object-level WORM protection is specific to the current object version. In cases where both bucket-level and object-level WORM policies exist, the object-level policy takes precedence.
  • When implementing a WORM retention policy, it applies only to objects uploaded after the policy’s activation. It’s important to be aware that enabling WORM for a bucket automatically activates versioning, and this cannot be suspended later. In instances where an object is concurrently protected by both bucket-level and object-level WORM policies, the object-level policy takes priority.

Limits

  • When WORM is enabled for a bucket, versioning is automatically activated by OBS, and this activation cannot be suspended later for the designated bucket. Objects are protected by WORM based on their unique object version IDs, and only object versions with configured WORM retention policies are eligible for protection. In a scenario where an object, for example, test.txt 001, is safeguarded by WORM, uploading another file with the same name generates a new object version, test.txt 002, without a WORM policy. In such cases, test.txt 002 is not protected and can be deleted. When downloading an object without specifying a version ID, the system retrieves the current object version, in this instance, test.txt 002.
  • A lifecycle rule does not have the capability to delete WORM-protected objects, but it can transition their storage class. Following the cessation of object protection, the object will be deleted in accordance with the expiration rule set in a lifecycle configuration.
  • Once WORM is activated for a bucket, it cannot be disabled or have versioning suspended for the bucket. However, users have the option to disable the default WORM policy for the bucket. It’s important to note that buckets with WORM enabled do not support cross-region replication.
  • In the event of account deregistration or account freezing, WORM-protected objects will be permanently deleted. WORM-based protection is not applicable for migration purposes, and although the metadata of a WORM-protected object can be modified, the fundamental immutability of the object remains intact.

How to use?

To leverage WORM features, users can conveniently perform related operations through the OBS Console and OBS API, ensuring seamless integration and control over data protection policies.

For more information on the service Object Storage (OBS), please visit the HelpCenter page.